%%%
%%%               ejabberd configuration file
%%%
%%%'

%%% The parameters used in this configuration file are explained in more detail
%%% in the ejabberd Installation and Operation Guide.
%%% Please consult the Guide in case of doubts, it is included with
%%% your copy of ejabberd, and is also available online at
%%% http://www.process-one.net/en/ejabberd/docs/

%%% This configuration file contains Erlang terms.
%%% In case you want to understand the syntax, here are the concepts:
%%%
%%%  - The character to comment a line is %
%%%
%%%  - Each term ends in a dot, for example:
%%%      override_global.
%%%
%%%  - A tuple has a fixed definition, its elements are
%%%    enclosed in {}, and separated with commas:
%%%      {loglevel, 4}.
%%%
%%%  - A list can have as many elements as you want,
%%%    and is enclosed in [], for example:
%%%      [http_poll, web_admin, tls]
%%%
%%%    Pay attention that list elements are delimited with commas,
%%%    but no comma is allowed after the last list element. This will
%%%    give a syntax error unlike in more lenient languages (e.g. Python).
%%%
%%%  - A keyword of ejabberd is a word in lowercase.
%%%    Strings are enclosed in "" and can contain spaces, dots, ...
%%%      {language, "en"}.
%%%      {ldap_rootdn, "dc=example,dc=com"}.
%%%
%%%  - This term includes a tuple, a keyword, a list, and two strings:
%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
%%%
%%%  - This config is preprocessed during release generation by a tool which
%%%    interprets double curly braces as substitution markers, so avoid this
%%%    syntax in this file (though it's valid Erlang).
%%%
%%%    So this is OK (though arguably looks quite ugly):
%%%      { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
%%%
%%%    And I can't give an example of what's not OK exactly because
%%%    of this rule.
%%%


%%%.   =======================
%%%'   OVERRIDE STORED OPTIONS

%%
%% Override the old values stored in the database.
%%

%%
%% Override global options (shared by all ejabberd nodes in a cluster).
%%
%%override_global.

%%
%% Override local options (specific for this particular ejabberd node).
%%
%%override_local.

%%
%% Remove the Access Control Lists before new ones are added.
%%
%%override_acls.


%%%.   =========
%%%'   DEBUGGING

%%
%% loglevel: Verbosity of log files generated by ejabberd.
%% 0: No ejabberd log at all (not recommended)
%% 1: Critical
%% 2: Error
%% 3: Warning
%% 4: Info
%% 5: Debug
%%
{loglevel, 3}.

%%
%% alarms: an optional alarm handler, subscribed to system events
%% long_gc: minimum GC time in ms for long_gc alarm
%% large_heap: minimum process heap size for large_heap alarm
%% handlers: a list of alarm handlers
%%   - alarms_basic_handler:  logs alarms and stores a brief alarm summary
%%   - alarms_folsom_handler: stores alarm details in folsom metrics
%%
%% Example:
%% {alarms,
%%  [{long_gc, 10000},
%%   {large_heap, 1000000},
%%   {handlers, [alarms_basic_handler,
%%               alarms_folsom_handler]}]
%% }.

%%
%% watchdog_admins: Only useful for developers: if an ejabberd process
%% consumes a lot of memory, send live notifications to these XMPP
%% accounts. Requires alarms (see above).
%%
%%{watchdog_admins, ["bob@example.com"]}.


%%%.   ================
%%%'   SERVED HOSTNAMES

%%
%% hosts: Domains served by ejabberd.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
{hosts, {{hosts}} }.

%%
%% route_subdomains: Delegate subdomains to other XMPP servers.
%% For example, if this ejabberd serves example.org and you want
%% to allow communication with an XMPP server called im.example.org.
%%
%%{route_subdomains, s2s}.


%%%.   ===============
%%%'   LISTENING PORTS

%%
%% listen: The ports ejabberd will listen on, which service each is handled
%% by and what options to start it with.
%%
{listen,
 [
  %% HTTP endpoints
  { {{cowboy_port}}, ejabberd_cowboy, [
      {num_acceptors, 10},
      {max_connections, 1024},
      {modules, [
          %% Modules used here should also be listed in the MODULES section.
          {"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics,
                                                           mongoose_api_users]}]},
          {"_", "/http-bind", mod_bosh},
          {"_", "/ws-xmpp", mod_websockets}
          %% Uncomment to serve static files
          %{"_", "/static/[...]", cowboy_static,
          %  {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
          %},
      ]}
  ]},

  %% HTTPS endpoints

  { {{cowboy_port_secure}}, ejabberd_cowboy, [
        {num_acceptors, 10},
        {max_connections, 1024},
        {{https_config}}
        {modules, [
            %% Modules used here should also be listed in the MODULES section.
            {"localhost", "/api", mongoose_api, [{handlers, [mongoose_api_metrics,
                                                             mongoose_api_users]}]},
            {"_", "/http-bind", mod_bosh},
            {"_", "/ws-xmpp", mod_websockets}
            %% Uncomment to serve static files
            %{"_", "/static/[...]", cowboy_static,
            %  {dir, "/var/www", [{mimetypes, cow_mimetypes, all}]}
            %},
        ]}
    ]},

  { {{ejabberd_c2s_port}}, ejabberd_c2s, [

			%%
			%% If TLS is compiled in and you installed a SSL
			%% certificate, specify the full path to the
			%% file and uncomment this line:
			%%
                        {{tls_config}}
                        {{zlib}}
			%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
			%% {ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"},
			{access, c2s},
			{shaper, c2s_shaper},
			{max_stanza_size, 65536}
		       ]},

  {{secondary_c2s}}

  %%
  %% To enable the old SSL connection method on port 5223:
  %%
  %%{5223, ejabberd_c2s, [
  %%			{access, c2s},
  %%			{shaper, c2s_shaper},
  %%			{certfile, "/path/to/ssl.pem"}, tls,
  %%			{max_stanza_size, 65536}
  %%		       ]},

  { {{ejabberd_s2s_in_port}}, ejabberd_s2s_in, [
			   {shaper, s2s_shaper},
			   {max_stanza_size, 131072}
			  ]}

  %%
  %% ejabberd_service: Interact with external components (transports, ...)
  %%
  %%{8888, ejabberd_service, [
  %%			    {access, all},
  %%			    {shaper_rule, fast},
  %%			    {ip, {127, 0, 0, 1}},
  %%			    {hosts, ["icq.example.org", "sms.example.org"],
  %%			     [{password, "secret"}]
  %%			    }
  %%			   ]},

  %%
  %% ejabberd_stun: Handles STUN Binding requests
  %%
  %%{ {3478, udp}, ejabberd_stun, []}

 ]}.

%%
%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
%% Allowed values are: false optional required required_trusted
%% You must specify a certificate file.
%%
%%{s2s_use_starttls, optional}.

%%
%% s2s_certfile: Specify a certificate file.
%%
%%{s2s_certfile, "/path/to/ssl.pem"}.

%% https://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
%% {s2s_ciphers, "DEFAULT:!EXPORT:!LOW:!SSLv2"}.

%%
%% domain_certfile: Specify a different certificate for each served hostname.
%%
%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.

%%
%% S2S whitelist or blacklist
%%
%% Default s2s policy for undefined hosts.
%%
{s2s_default_policy, {{s2s_default_policy}} }.

%%
%% Allow or deny communication with specific servers.
%%
%%{ {s2s_host, "goodhost.org"}, allow}.
%%{ {s2s_host, "badhost.org"}, deny}.

{outgoing_s2s_port, {{outgoing_s2s_port}} }.

%%
%% IP addresses predefined for specific hosts to skip DNS lookups.
%% Ports defined here take precedence over outgoing_s2s_port.
%% Examples:
%%
%% { {s2s_addr, "example-host.net"}, {127,0,0,1} }.
%% { {s2s_addr, "example-host.net"}, { {127,0,0,1}, 5269 } }.
{{s2s_addr}}

%%
%% Outgoing S2S options
%%
%% Preferred address families (which to try first) and connect timeout
%% in milliseconds.
%%
%%{outgoing_s2s_options, [ipv4, ipv6], 10000}.

%%%.   ==============
%%%'   SESSION BACKEND

%%{sm_backend, {mnesia, []}}.

%%{sm_backend, {redis, [{pool_size, 3}, {worker_config, [{host, "localhost"}, {port, 6379}]}]}}.
{sm_backend, {{sm_backend}} }.


%%%.   ==============
%%%'   AUTHENTICATION

%%
%% auth_method: Method used to authenticate the users.
%% The default method is the internal.
%% If you want to use a different method,
%% comment this line and enable the correct ones.
%%
{auth_method, {{auth_method}} }.
{auth_opts, [
             %% Store the plain passwords or hashed for SCRAM:
             %% {password_format, plain} % default
             %% {password_format, scram}
             %% {scram_iterations, 4096} % default
             %%
             %% For auth_http:
             %% {host, IP | Hostname}
             %% {connection_pool_size, 10} % default
             %% {connection_opts, Opts}
             %% {basic_auth, "user:password"}
             %% {path_prefix, "/"} % default
             %%
             %% For auth_external
             {{ext_auth_script}}
            ]}.


%%
%% Authentication using external script
%% Make sure the script is executable by ejabberd.
%%
%%{auth_method, external}.

%%
%% Authentication using ODBC
%% Remember to setup a database in the next section.
%%
%%{auth_method, odbc}.

%%
%% Authentication using LDAP
%%
%%{auth_method, ldap}.
%%
{{auth_ldap}}
%% List of LDAP servers:
%%{ldap_servers, ["localhost"]}.
%%
%% Encryption of connection to LDAP servers:
%%{ldap_encrypt, none}.
%%{ldap_encrypt, tls}.
%%
%% Port to connect to on LDAP servers:
%%{ldap_port, 389}.
%%{ldap_port, 636}.
%%
%% LDAP manager:
%%{ldap_rootdn, "dc=example,dc=com"}.
%%
%% Password of LDAP manager:
%%{ldap_password, "******"}.
%%
%% Search base of LDAP directory:
%%{ldap_base, "dc=example,dc=com"}.
%%
%% LDAP attribute that holds user ID:
%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}.
%%
%% LDAP filter:
%%{ldap_filter, "(objectClass=shadowAccount)"}.

%%
%% Anonymous login support:
%%   auth_method: anonymous
%%   anonymous_protocol: sasl_anon | login_anon | both
%%   allow_multiple_connections: true | false
%%
%%{host_config, "public.example.org", [{auth_method, anonymous},
%%                                     {allow_multiple_connections, false},
%%                                     {anonymous_protocol, sasl_anon}]}.
%%
%% To use both anonymous and internal authentication:
%%
%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
{{host_config}}

%%%.   ==============
%%%'   DATABASE SETUP

%% ejabberd by default uses the internal Mnesia database,
%% so you do not necessarily need this section.
%% This section provides configuration examples in case
%% you want to use other database backends.
%% Please consult the ejabberd Guide for details on database creation.

%%
%% MySQL server:
%%
{{odbc_server}}
%%
%% If you want to specify the port:
%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.

%%
%% PostgreSQL server:
%%
%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
%%
%% If you want to specify the port:
%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
%%
%% If you use PostgreSQL, have a large database, and need a
%% faster but inexact replacement for "select count(*) from users"
%%
%%{pgsql_users_number_estimate, true}.

%%
%% ODBC compatible or MSSQL server:
%%
%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

%% Specifies what database is used over the ODBC layer
%% Can take values odbc, pgsql, mysql
%% In some cases (for example for MAM with pgsql) it is required to set proper value.
{{odbc_server_type}}
%%
%% Number of connections to open to the database for each virtual host
%%
%%{odbc_pool_size, 10}.

%%% ====================
%%% RIAK SETUP
%%% ====================

{{riak_server}}

%%
%% Interval to make a dummy SQL request to keep the connections to the
%% database alive. Specify in seconds: for example 28800 means 8 hours
%%
%%{odbc_keepalive_interval, undefined}.


%%%.   ===============
%%%'   TRAFFIC SHAPERS

%%
%% The "normal" shaper limits traffic speed to 1000 B/s
%%
{shaper, normal, {maxrate, 1000}}.

%%
%% The "fast" shaper limits traffic speed to 50000 B/s
%%
{shaper, fast, {maxrate, 50000}}.

%%
%% This option specifies the maximum number of elements in the queue
%% of the FSM. Refer to the documentation for details.
%%
{max_fsm_queue, 1000}.


%%%.   ====================
%%%'   ACCESS CONTROL LISTS

%%
%% The 'admin' ACL grants administrative privileges to XMPP accounts.
%% You can put here as many accounts as you want.
%%
%{acl, admin, {user, "alice", "localhost"}}.
%{acl, admin, {user, "a", "localhost"}}.

%%
%% Blocked users
%%
%%{acl, blocked, {user, "baduser", "example.org"}}.
%%{acl, blocked, {user, "test"}}.

%%
%% Local users: don't modify this line.
%%
{acl, local, {user_regexp, ""}}.

%%
%% More examples of ACLs
%%
%%{acl, jabberorg, {server, "jabber.org"}}.
%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%%{acl, test, {user_regexp, "^test"}}.
%%{acl, test, {user_glob, "test*"}}.

%%
%% Define specific ACLs in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {acl, admin, {user, "bob-local", "localhost"}}
%% ]
%%}.


%%%.   ============
%%%'   ACCESS RULES

%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{10, all}]}.

%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.

%% This rule allows access only for local users:
{access, local, [{allow, local}]}.

%% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
	       {allow, all}]}.

%% For C2S connections, all users except admins use the "normal" shaper
{access, c2s_shaper, [{none, admin},
		      {normal, all}]}.

%% All S2S connections use the "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

%% Admins of this server are also admins of the MUC service:
{access, muc_admin, [{allow, admin}]}.

%% Only accounts of the local ejabberd server can create rooms:
{access, muc_create, [{allow, local}]}.

%% All users are allowed to use the MUC service:
{access, muc, [{allow, all}]}.

%% In-band registration allows registration of any possible username.
%% To disable in-band registration, replace 'allow' with 'deny'.
{access, register, [{allow, all}]}.

%% By default the frequency of account registrations from the same IP
%% is limited to 1 account every 10 minutes. To disable, specify: infinity
{registration_timeout, infinity}.

%% Default settings for MAM.
%% To set non-standard value, replace 'default' with 'allow' or 'deny'.
%% Only user can access his/her archive by default.
%% An online user can read room's archive by default.
%% Only an owner can change settings and purge messages by default.
%% Empty list (i.e. `[]`) means `[{deny, all}]`.
{access, mam_set_prefs, [{default, all}]}.
{access, mam_get_prefs, [{default, all}]}.
{access, mam_lookup_messages, [{default, all}]}.
{access, mam_purge_single_message, [{default, all}]}.
{access, mam_purge_multiple_messages, [{default, all}]}.

%% 1 command of the specified type per second.
{shaper, mam_shaper, {maxrate, 1}}.
%% This shaper is primeraly for Mnesia overload protection during stress testing.
%% The limit is 1000 operations of each type per second.
{shaper, mam_global_shaper, {maxrate, 1000}}.

{access, mam_set_prefs_shaper, [{mam_shaper, all}]}.
{access, mam_get_prefs_shaper, [{mam_shaper, all}]}.
{access, mam_lookup_messages_shaper, [{mam_shaper, all}]}.
{access, mam_purge_single_message_shaper, [{mam_shaper, all}]}.
{access, mam_purge_multiple_messages_shaper, [{mam_shaper, all}]}.

{access, mam_set_prefs_global_shaper, [{mam_global_shaper, all}]}.
{access, mam_get_prefs_global_shaper, [{mam_global_shaper, all}]}.
{access, mam_lookup_messages_global_shaper, [{mam_global_shaper, all}]}.
{access, mam_purge_single_message_global_shaper, [{mam_global_shaper, all}]}.
{access, mam_purge_multiple_messages_global_shaper, [{mam_global_shaper, all}]}.


%%
%% Define specific Access Rules in a virtual host.
%%
%%{host_config, "localhost",
%% [
%%  {access, c2s, [{allow, admin}, {deny, all}]},
%%  {access, register, [{deny, all}]}
%% ]
%%}.


%%%.   ================
%%%'   DEFAULT LANGUAGE

%%
%% language: Default language used for server messages.
%%
{language, "en"}.

%%
%% Set a different default language in a virtual host.
%%
%%{host_config, "localhost",
%% [{language, "ru"}]
%%}.


%%%.   =======
%%%'   MODULES

%%
%% Modules enabled in all ejabberd virtual hosts.
%% For list of possible modules options, check documentation.
%%
{modules,
 [
  %{mod_admin_extra, [{submods, [node, accounts, sessions, vcard,
  %                              roster, last, private, stanza, stats]}]},
  {mod_adhoc, []},
  {{mod_amp}}
  {mod_disco, []},
  {{mod_last}}
  {mod_stream_management, [
                           % default 100
                           % size of a buffer of unacked messages
                           % {buffer_max, 100}

                           % default 1 - server sends the ack request after each stanza
                           % {ack_freq, 1}

                           % default: 600 seconds
                           % {resume_timeout, 600}
                          ]},
  {mod_muc, [
             {host, "muc.@HOST@"},
             {access, muc},
             {access_create, muc_create}
            ]},
  {mod_muc_log,
        [
        {outdir, "/tmp/muclogs"},
        {access_log, muc}
        ]},
  {{mod_offline}}
  {{mod_privacy}}
  {{mod_private}}
% {mod_private, [{backend, mnesia}]},
% {mod_private, [{backend, odbc}]},
  {mod_register, [
		  %%
		  %% Set the minimum informational entropy for passwords.
		  %%
		  %%{password_strength, 32},

		  %%
		  %% After successful registration, the user receives
		  %% a message with this subject and body.
		  %%
		  {welcome_message, {""}},

		  %%
		  %% When a user registers, send a notification to
		  %% these XMPP accounts.
		  %%
                  {{registration_watchers}}

		  %%
		  %% Only clients in the server machine can register accounts
		  %%
		  {ip_access, [{allow, "127.0.0.0/8"},
			       {deny, "0.0.0.0/0"}]},

		  %%
		  %% Local c2s or remote s2s users cannot register accounts
		  %%
		  %%{access_from, deny},

		  {access, register}
		 ]},
  {{mod_roster}}
  {mod_sic, []},
  {{mod_vcard}}
  {mod_bosh, []},
  {mod_websockets, []},
  {mod_carboncopy, []}

  %% 
  %% Message Archive Management (MAM) for registered users.
  %%

  %% A module for storing preferences in RDBMS (used by default).
  %% Enable for private message archives.
% {mod_mam_odbc_prefs, [pm]},
  %% Enable for multiuser message archives.
% {mod_mam_odbc_prefs, [muc]},
  %% Enable for both private and multiuser message archives.
% {mod_mam_odbc_prefs, [pm, muc]},

  %% A module for storing preferences in Mnesia (recommended).
  %% This module will be called each time, as a message is routed.
  %% That is why, Mnesia is better for this job.
% {mod_mam_mnesia_prefs, [pm, muc]},

  %% Mnesia back-end with optimized writes and dirty synchronious writes.
% {mod_mam_mnesia_dirty_prefs, [pm, muc]},

  %% A back-end for storing messages.
  %% Synchronious writer (used by default).
  %% This writer is easy to debug, but writing performance is low.
% {mod_mam_odbc_arch, [pm]},

  %% Enable the module with a custom writer.
% {mod_mam_odbc_arch, [no_writer, pm]},

  %% A pool of asynchronious writers (recommended).
  %% Messages will be grouped together based on archive id.
% {mod_mam_odbc_async_pool_writer, [pm]},

  %% A module for converting an archive id to an integer.
  %% Extract information using ODBC.
% {mod_mam_odbc_user, [pm, muc]},

  %% Cache information about users (recommended).
  %% Requires mod_mam_odbc_user or alternative.
% {mod_mam_cache_user, [pm, muc]},

  %% Enable MAM.
% {mod_mam, []},


  %%
  %% Message Archive Management (MAM) for multi-user chats (MUC).
  %% Enable XEP-0313 for "muc.@HOST@".
  %%

  %% A back-end for storing messages (default for MUC).
  %% Modules mod_mam_muc_* are optimized for MUC.
  %%
  %% Synchronious writer (used by default for MUC).
  %% This module is easy to debug, but performance is low.
% {mod_mam_muc_odbc_arch, []},
% {mod_mam_muc_odbc_arch, [no_writer]},

  %% Asynchronious writer for RDBMS (recommended for MUC).
  %% Messages will be grouped and inserted all at once.
% {mod_mam_muc_odbc_async_pool_writer, []},

  %% Load mod_mam_odbc_user too.

  %% Enable MAM for MUC
% {mod_mam_muc, [{host, "muc.@HOST@"}]}


  %%
  %% MAM configuration examples
  %%

  %% Only MUC, no user-defined preferences, good performance.
% {mod_mam_odbc_user, [muc]},
% {mod_mam_cache_user, [muc]},
% {mod_mam_muc_odbc_arch, [no_writer]},
% {mod_mam_muc_odbc_async_pool_writer, []},
% {mod_mam_muc, [{host, "muc.@HOST@"}]}

  %% Only archives for c2c messages, good performance.
% {mod_mam_odbc_user, [pm]},
% {mod_mam_cache_user, [pm]},
% {mod_mam_mnesia_dirty_prefs, [pm]},
% {mod_mam_odbc_arch, [pm, no_writer]},
% {mod_mam_odbc_async_pool_writer, [pm]},
% {mod_mam, []}

  %% Basic configuration for c2c messages, bad performance, easy to debug.
% {mod_mam_odbc_user, [pm]},
% {mod_mam_odbc_prefs, [pm]},
% {mod_mam_odbc_arch, [pm]},
% {mod_mam, []}

  %% Cassandra c2c conversations.
  %% All queries MUST contain "with" element.
  %% No custom settings supported (always archive).
% {mod_mam_odbc_user, [pm]},
% {mod_mam_cache_user, [pm]},
% {mod_mam_con_ca_arch, [pm]},
% {mod_mam, []}

  %% Cassandra muc conversations.
  %% No custom settings supported (always archive).
% {mod_mam_odbc_user, [muc]},
% {mod_mam_cache_user, [muc]},
% {mod_mam_muc_ca_arch, []},
% {mod_mam_muc, [{host, "muc.@HOST@"}]}

 ]}.

{{module_host_config}}
%%
%% Enable modules with custom options in a specific virtual host
%%
%%{host_config, "localhost",
%% [{ {add, modules},
%%   [
%%    {mod_some_module, []}
%%   ]
%%  }
%% ]}.

%%%.
%%%'

%%% $Id$

%%% Local Variables:
%%% mode: erlang
%%% End:
%%% vim: set filetype=erlang tabstop=8 foldmarker=%%%',%%%. foldmethod=marker:
%%%.
